using System.Data;
using CSFrameworkV4_5.Common;
using CSFrameworkV4_5.Core.SystemSecurity;
using CSFrameworkV4_5.Models;
using CSFrameworkV4_5.Server.DataAccess.DAL_Permission;
namespace CSFrameworkV4_5.WCFContract
{
/// <summary>
///服务端:WCF服务层安全检查核心类
/// </summary>
public static class WebSecurity
{
/// <summary>
/// 检查客户端恶意访问后台
/// </summary>
private static bool _AttackValidation = false;
/// <summary>
/// 是否检查客户端恶意攻击
/// </summary>
public static bool AttackValidation
{
get { return _AttackValidation; }
set { _AttackValidation = value; }
}
/// <summary>
/// 用户登录的验证码,防止用户恶意攻击Login接口.
/// </summary>
/// <param name="identity">验证码</param>
/// <returns></returns>
public static bool ValidateLoginIdentity(byte[] identity)
{
//是否连续攻击
if (WebSecurity.AttackValidation) AttackRecorder.IsAttack();
bool isIdentity = WebServiceSecurity.ValidateLoginIdentity(identity);
return isIdentity;
}
public static Loginer ValidateLoginer(byte[] loginTicket)
{
//是否连续攻击
if (WebSecurity.AttackValidation) AttackRecorder.IsAttack();
//加密令牌解析成功
Loginer user = WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException("用户名或密码不正确!");
return user;
}
/// <summary>
/// 检查用户登录凭证,并且检查两次访问时间
/// </summary>
/// <param name="loginer">用户登录凭证</param>
/// <param name="checkAttack">检查连续调用方法攻击</param>
/// <returns></returns>
public static Loginer ValidateLoginer(byte[] loginTicket, bool checkAttack)
{
if (checkAttack) AttackRecorder.IsAttack();
//加密令牌解析成功
Loginer user = WebServiceSecurity.ValidateLoginer(loginTicket);
//检查用户名及密码
if (!ActivityUserCache.ValidateUser(user.Account, user.Password))
throw new CustomException("用户名或密码不正确!");
return user;
}
}
}
浙公网安备 33010602011771号